Skip to main content

Tool for convergently encrypting files used by MetaDisk.

Project description

Build Status Coverage Status PyPI version

This is a library used by MetaDisk to convergently encrypt and decrypt files. It contains helper methods to encrypt and decrypt files inline (without using extra space) and to stream decryption.

Installation

You can easily install file-encryptor using pip:

pip install file_encryptor

Usage

Here’s an example to encrypt a file inline using convergent encryption:

import file_encryptor.convergence

key = convergence.encrypt_inline_file("/path/to/file", None)

You can also specify a passphrase:

import file_encryptor.convergence

key = convergence.encrypt_inline_file("/path/to/file", "rainbow dinosaur secret")

To decrypt a file inline, you need the key that was returned by the encrypt method:

import file_encryptor.convergence

key = convergence.encrypt_inline_file("/path/to/file", "rainbow dinosaur secret")

convergence.decrypt_inline_file("/path/to/file", key)

The reason why you cannot use the passphrase directly is because the key is derived from both the passphrase and the SHA-256 of the original file.

For streaming applications, you can decrypt a file with a generator:

for chunk in convergence.decrypt_generator("/path/to/file", key):
    do_something_with_chunk(chunk)

Cryptoconcerns

The key generation mechanism is the following:

key = HMAC-SHA256(passphrase, hex(SHA256(file-contents)))

If no passphrase is given, a default is used.

The file itself is encrypted using AES128-CTR, from pycrypto. We’re not specifying any IV, thinking that for convergent encryption that is the right thing to do.

Testing

To run tests, execute the following command in the project root:

python setup.py test -a "--doctest-modules --pep8 -v tests/"

To run tests with detailed coverage output, execute:

coverage run setup.py test -a "--doctest-modules --pep8 -v tests/"
coverage report -m --include="file_encryptor/*"

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

file_encryptor-0.2.9.tar.gz (4.8 kB view details)

Uploaded Source

File details

Details for the file file_encryptor-0.2.9.tar.gz.

File metadata

File hashes

Hashes for file_encryptor-0.2.9.tar.gz
Algorithm Hash digest
SHA256 4bc85ce2e2e344eeb74a0c20a29cf4427fcb3ceafcfc314adc6ca348b61b8cd1
MD5 e909519331b31cf0507fe90afbd3bbe9
BLAKE2b-256 330a02a172c320d6f2f4725464ffcad5c415ce2192d8dca031213afcb99653c6

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page